Personal data of over 81 crore Indians have allegedly been leaked and was put out for sale on the dark web. The Covid-19 test data were held with the Indian Council of Medical Research (ICMR), it was reportedly mentioned as the source of the data.
The breach was reportedly noticed by an American cyber-security and intelligence agency.
The data that were put up on the dark web reportedly included information such as name (of the beneficiaries), addresses, phone numbers, Aadhaar card numbers and so on.
The breach was also advertised on X, formerly Twitter, where the ‘threat actor’ put out the details too.
Reportedly, the ‘threat actor’ shared spreadsheets containing four large leak samples with contained one lakh records of personal identifiable information related to Indian residents.
According to Health Ministry officials, the Indian Computer Emergency Response Team (Cert – In) has also been alerted by the ICMR. It is not clear if the hacker breached systems of the ICMR or there was a breach in other sources.
“Verification process of the breach reports are ongoing,” a Health Ministry official said.
This is not the first time that India’s health system has been targeted by hackers.
Earlier this year too there were reports of Covid-19 vaccination data leaks. While initially it was said that the breach occurred through the CoWIN portal, subsequent probe revealed that breaches took place across state government databases.
In November 2022, AIIMS faced a cyber – attack. As the servers went down, it affected the out-patient department (OPD) functioning and also sample collection services.